Endor Labs Debuts AI-Native, Multi-Modal SAST, Marking a New Era in Code Flaw Detection

News provided by

Endor Labs

Nov 19, 2025, 09:00 ET

Multi-Agent AI Combined with Advanced Program Analysis Reduces False Positives by 95%, Detects Complex Logic Flaws, and Streamlines Developer Workflows

PALO ALTO, Calif., Nov. 19, 2025 /PRNewswire/ -- Endor Labs, the fastest-growing company in application security, today launched its next-generation AI-native static application security testing (SAST) solution – the first product fully developed on the company's AI platform. Built on the evidence-backed approach behind Endor Labs' Software Composition Analysis (SCA), which reduced false positives by 92% on average for teams at Atlassian, Cursor, Dropbox, OpenAI, Robinhood, and Snowflake, AI SAST extends intelligent, multi-modal code analysis directly into developers' workflows.

While SAST tools have been around for years, their biggest challenges remain the high volume of false positives and dangerous false negatives. Industry benchmarks show false-positive rates of 68-78%, with some teams reporting up to 95% on production code — creating massive triage overhead, often 15–30 minutes per finding. But the other side of the problem is just as serious: false negatives that miss architecture weaknesses and business logic flaws, giving teams a false sense of security. In an AI-driven threat landscape where attackers move faster than ever, tools that overlook critical issues and overwhelm security engineers and developers simply can't keep pace.

The Next Chapter in Secure Coding

Endor Labs' AI SAST uses a multi-modal static analysis engine and LLMs to analyze code like a security engineer. Its multi-agent system orchestrates a variety of specialized agents, including:

  • Detection agents: Review code for architectural and business logic flaws—like broken access control and insecure design—and classify findings against the OWASP Top 10.
  • Triage agents: Filter false positives by analyzing syntax, dataflow, and intent.
  • Remediation agents: Recommend fixes based on context of the code.

"True software understanding requires multiple analytical lenses working in concert — syntax, dataflow, and AI reasoning that can infer intent," said Amod Gupta, VP of Product & Design at Endor Labs. "Instead of funneling entire codebases into an LLM, we apply intelligence only where semantic depth actually matters, enabling fully automated triage at enterprise scale. This multi-modal approach mirrors how top security engineers reason through risk, but delivers it at the speed and scale modern development demands."

Proven Customer Impact

The agents are powered by Endor Labs' proprietary Code API, which helps them build a model of how the code works and context about the organization. Early testing in private repositories with five enterprise partners across technology, data, and security industries demonstrated significant improvements over traditional SAST approaches:

  1. Detects complex business logic and architecture flaws. Endor Labs successfully identified complex logic flaws, including broken access control patterns and insecure APi handling.
  2. Reduces noise compared to legacy SAST tools. In comparative testing, Endor Labs eliminated 95% of false positives, highlighted 4.5% true vulnerabilities, and flagged just 0.5% as unknown.
  3. Accelerates remediation with context-aware fixes. Delivers suggested fixes tailored to each team's specific frameworks, architecture, and coding standards.
  4. Adapts to your organization's standards. Use natural-language prompts to teach your specific practices and policies, with support for 40+ languages.

These efficiency gains enable teams to focus on the 5% of findings that truly impact security, rather than manually triaging each item. By automating reasoning across every finding, Endor Labs turns security into a driver of engineering velocity and helps teams ship code faster and more safely.

To learn more or request early access to AI SAST, book a demo here

About Endor Labs
Endor Labs is building the application security platform for the software development revolution. From open source to AI-generated code, it helps teams identify, prioritize, and fix the vulnerabilities that actually matter—faster. With deep program analysis, automated remediation, and unmatched dataset coverage, Endor Labs empowers modern engineering and security teams to move fast without compromise.

Media Contact
Rebecca Reese
[email protected]

SOURCE Endor Labs

21%

more press release views with 
Request a Demo

Also from this source

Endor Labs Launches 2025 State of Dependency Management Report, Finds 80% of AI-Suggested Dependencies Contain Risks

Endor Labs, the fastest growing company in application security, today released its annual State of Dependency Management 2025: Security in the...

Endor Labs Drives 225% Revenue Growth, Pioneers the Future of Secure SDLC

Endor Labs, the fastest growing company in application security, today announced its biggest quarter to date, driven by unprecedented demand for...
More Releases From This Source

Explore

Computer & Electronics

Computer & Electronics

High Tech Security

High Tech Security

Computer Software

Computer Software

Computer Software

Computer Software

News Releases in Similar Topics